MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 484ca4f8e3e484587227620b04812b3de6cccf96a2e44eb05532c42385d13b2d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 484ca4f8e3e484587227620b04812b3de6cccf96a2e44eb05532c42385d13b2d
SHA3-384 hash: 35a1254b7128c61c442da747251c40fb3d0a6a8ab9b96e236c1defe9683f2d1d7db618adc2ac30d85f977db57e7f90dc
SHA1 hash: 1073bcfc4a314307df770979c3f6ad6bdf04a25a
MD5 hash: 2a65ecd27f5252f75390f9c22acf4f2c
humanhash: march-pip-snake-seven
File name:Payment Swift PIJ2D032600.pdf.xz
Download: download sample
Signature AgentTesla
Create hunting rule
File size:1'096'751 bytes
First seen:2020-05-28 06:41:03 UTC
Last seen:Never
File type: xz
MIME type:application/x-rar
ssdeep 24576:6Hzja7zFNbKFcWaFw0SaB+mkEWuRcJrYSVvueKV1ZVAon7d8wywR:6PaXFRKxaFw0SaIm12OeKV1Zt7dlyo
TLSH 453533843AD05B424670356FFA202EBC489A5DC49725C7F6F9D4F58886F884617CB3EB
Reporter abuse_ch
Tags:AgentTesla xz


Avatar
abuse_ch
Malspam distributing AgentTesla:

HELO: cpns3.citechco.net
Sending IP: 203.191.33.193
From: Andrew Yang crystal <crystal_ong@sungreen-asia.com>
Subject: RE:PAYMENT SWIFT
Attachment: Payment Swift PIJ2D032600.pdf.xz (contains "Payment Swift PIJ2D032600.pdf.exe")

AgentTesla SMTP exfil server:
mail.rajalakshmi.co.in:587

Intelligence

File Origin
# of uploads :
1
# of downloads :
67
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Aitinject
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 04:01:52 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
26 of 48 (54.17%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

AgentTesla

xz 484ca4f8e3e484587227620b04812b3de6cccf96a2e44eb05532c42385d13b2d

(this sample)

AgentTesla

Executable exe 16fd6da285b47443d75cd87eff0cd554c7cfc747488d4e79e2a78033af2709ee

  
Dropping
MD5 759e7da13cc353d90f797a197606bd6f
  
Dropping
AgentTesla
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 16fd6da285b47443d75cd87eff0cd554c7cfc747488d4e79e2a78033af2709ee

Comments